
Invision PowerBoard < 2.0.3 SQL Injection

High

Synopsis

The remote host is running a vulnerable version of Invision Power Board, a CGI suite designed to set up a bulletin board system on the remote web server.

Description

The remote host is running Invision Power Board, a CGI suite designed to set up a bulletin board system on the remote web server. A vulnerability has been discovered in the remote version of this software that may allow unauthorized users to inject SQL commands into the remote SQL database. An attacker may use this flaw to gain control of the remote database and possibly to overwrite files on the remote host.

In addition, a remote HTML injection flaw has been identified within Invision Power Board. An attacker exploiting this flaw would be able to control the way that the website is presented. In order to exploit such a vulnerability, the attacker would need to be able to convince a user to visit a malicious website.

Solution

Upgrade to version 2.0.3 or higher.